Recalls & safety alerts
Stay informed about recalls and safety alerts issued for products used in veterinary medicine, animal foods, or other animal-related items. AVMA tracks this information and reports recalls and alerts as soon as they are verified. Follow the AVMA on social media to add updates to your social scroll.
Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed
Date issued
Brand
ContecLot code/Notes
The unique device identifier helps identify individual medical devices, including patient monitors, sold in the United States from manufacturing through distribution to patient use. The UDI allows for more accurate reporting, reviewing, and analyzing of adverse event reports so that devices can be identified, and problems potentially corrected more quickly.You can identify the devices affected by checking the unique device identifier (UDI), which is a unique numeric or alphanumeric code that generally includes a device identifier (DI) that identifies the labeler and the specific version or model of a device.
Brand Name: Contec
Version or Model: CMS8000
UDI-DI: 06945040100034
Brand Name: Epsimed
Version or Model: MN-120
UDI-DI: N/A
**NOTE: CVM is sharing these announcements because these products may be used in veterinary settings and the firm also markets a veterinary product, the CMS8000 Vet, that is affected with the same cybersecurity vulnerabilities.
Reason
Three cybersecurity vulnerabilities have been identified:
- The patient monitor may be remotely controlled by an unauthorized user or not work as intended.
- The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised.
- Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information (PII) and protected health information (PHI), and exfiltrating (withdrawing) the data outside of the health care delivery environment.
These cybersecurity vulnerabilities can allow unauthorized actors to bypass cybersecurity controls, gaining access to and potentially manipulating the device.
- The patient monitor may be remotely controlled by an unauthorized user or not work as intended.
- The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised.
- Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information (PII) and protected health information (PHI), and exfiltrating (withdrawing) the data outside of the health care delivery environment.
These cybersecurity vulnerabilities can allow unauthorized actors to bypass cybersecurity controls, gaining access to and potentially manipulating the device.